Specific user unable to log in on a specific machine

So here’s one. I’m administrating an set of NIS networked openSUSE machines. I just had a hard disk go bad on one of the machines, so I replaced it and re-installed openSUSE 12.2. Installed fine, ran all the updates and installed the relevant SBD: NVIDIA driver from https://en.opensuse.org/SDB:NVIDIA_drivers (one click install).

Now, I can log in to this workstation (machine A), as can other people. However, the A’s user can not. Bear in mind this is a totally fresh install. The user in question can log into other workstations fine. They can also SSH into A, and log in without an X-session, which makes me think its a graphics issue, but I cannot understand why they specifically would be unable to log in while everyone else can, apparently.

I can include any/all logs required on request, but thought I’d get the ball rolling by seeing if anyone has any ideas of even where to start.

User ids are stored as numbers.
So maybe this specific user now has a different user id as before, but the files in his home directory (and the directory itself) are still owned by the old user id, so he cannot access them.
You can get a user’s id by calling:

id $USER

Then check if the files/directories are owned by the same user id:

ls -ln /home/$USER

If not, call chown:

chown -R /home/$USER /home/$USER/.*

Edit:
I overlooked that the user can ssh in, but not log into X.
So also check specifically that those files are owned by the respective id:

ls -ln /home/$USER/.X* /home/$USER/.ICE*

alexyz h wrote:
> Now, I can log in to this workstation (machine A), as can other people.
> However, the A’s user can not. Bear in mind this is a totally fresh
> install. The user in question can log into other workstations fine. They
> can also SSH into A, and log in without an X-session, which makes me
> think its a graphics issue, but I cannot understand why they
> specifically would be unable to log in while everyone else can,
> apparently.

Can A’s user log in to the machine locally using a text login?

i.e. can s/he log in to the screen at CTRL-ALT-F1?

If so, it’s definitely a graphics issue of some type, but equally it is
most likely some configuration in their home directory that is causing
the problem.

As always, the first question is “what do the logs show”?

Thanks - this is a nice idea, but the home directories are NSF mounted via automounter (which is definitly something I should have said before, sorry, I’ve been faffing with this for ages!). The complete .xsessions-error is is here
https://dl.dropboxusercontent.com/u/5423228/error.txt

They can, and I it must be. There are some things which caught my eye in the .xsession-error logs (notably

NVIDIA: could not open the device file /dev/nvidiactl (Permission denied).
NVIDIA: could not open the device file /dev/nvidiactl (Permission denied).

But why would this be an issue for one user and not another?

OK sudo chmod 777 on both nvidia devices in the /dev folder fixed the issue, but I have NO idea why this is the case! Any ideas?

Maybe the others are part of the “video” group?
AFAIK the default user (the one created at installation time) is not added to the “video” group but additionally later added ones are.

So add that user to the “video” group as well.
See openSUSE 12.3 Release Notes

Or install all online updates. This has already been fixed in a systemd update over 2 months ago…

Edit: Oops, you are on 12.2?
This all applies to 12.3 only.
But especially upto 12.2 the users have to be part of the “video” group for the nvidia driver to work. But normally they are by default.
So try to add this user to the “video” group if he is not part of it.

That will only work until next boot as /dev is lost on sghutdown. Thus I guess it is imminent to check and implement wolfi323’s advice.

On 07/03/2013 05:26 PM, alexyz h wrote:
> anyone has any ideas of even where to start.

please show us the terminal output and input, as well as the
beginning prompt and exit prompt, from


ls -hal /home/[userID]/.X*

where [userID] is replaced by the user ID of the user who can not log
in and copy/paste the in/output back to this thread using the
instructions here: http://goo.gl/i3wnr


dd
http://tinyurl.com/DD-Caveat

On 07/03/2013 05:46 PM, wolfi323 wrote:
> ls -ln/home/$USER/.X*/home/$USER/.ICE*

i think the last version to have an ~/ICE* was 11.2, or so…


dd

On 07/03/2013 06:16 PM, alexyz h wrote:
> OK sudo chmod 777 on both nvidia devices in the /dev folder fixed the
> issue

imo it is not the best (most secure and correct) way to fix a
permissions problem is just to make the file with problems to be
readable, writable and executable by ever possible user…even those
who come in by networking…

it is MUCH safer to leave the file as it should be (ie, do not chmod
it) and discover the real problem, and fix that.

“sudo chmod 777” is a quick and easy way to treat the symptom of
problem but leave the real problem causing the symptom AND decrease
the system’s security…


dd

You must be wrong:

wolfi@amiga:~> ls -l /home/$USER/.X* /home/$USER/.ICE*
-rw------- 1 wolfi users 23897  3. Jul 10:52 /home/wolfi/.ICEauthority
-rw------- 1 wolfi users   473  3. Jul 10:50 /home/wolfi/.Xauthority
wolfi@amiga:~> lsb-release -a
LSB Version:    core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarch
Distributor ID: openSUSE project
Description:    openSUSE 12.3 (x86_64)
Release:        12.3
Codename:       Dartmouth
wolfi@amiga:~>

Anyway, it is clear now already that this is a permissions issue regarding /dev/nvidia*.
As I already said, that user should be added to the “video” group to fix the problem.

Yeah - thanks, I will. The weird thing other workstations have exactly the same permissions settings associated with their /dev/nvidia* files. I’d like to find a less hacky fix than this, if possible…

It is not hacky.
It is the default for every user upto and including 12.2.
And the nvidia driver absolutely needs this.

In 12.3 systemd is patched to take care of granting the logged in user access to /dev/nvidia* but that was only implemented in an online update in April.
That’s why the release notes mention this.

For other (open source) drivers this is not needed because they use some specific kernel interfaces. But the proprietary nvidia driver cannot do this since it is proprietary; only GPLed kernel modules are allowed to use that interfaces AFAIK. (= political issue)

Adding the user to the video group is not “hacky”. It should have been done automagicaly, but this user escaped that action for some reason.

Changeing permissions in system files is “hacky” and dangerous when one does not know for about 200% what the consequences are (and who knows that?).

I made my “hacky” comment in response to using

sudo chmod 777 /dev/nv* 
  • sorry, in hind-site this was very unclear. Obviously adding a user to a permission group is not hacky :wink:

This is a very attractive solution. However, while it may work (I haven’t tried yet) I don’t think it explains the behavior. None of the other uses (including myself) are members of the video group, yet we can all log in. Would the fact that user accounts are managed on an NIS server have any effect on this?

Are you sure?
Just because you didn’t add them to that group doesn’t mean they are not part of it. As I said, upto and including 12.2 new users are part of that group by default.
Use “group” to check.

Would the fact that user accounts are managed on an NIS server have any effect on this?

No idea.
But it could depend on the DE you’re logging into. Not all of them need direct rendering, for which you have to be part of the “video” group with the nvidia driver.

If you want more background information, see here:
https://bugzilla.novell.com/show_bug.cgi?id=808319

On 07/03/2013 07:46 PM, wolfi323 wrote:
> You must be wrong:

then i do not understand this:

denverd@linux-os114:~> ls -l /home/$USER/.X* /home/$USER/.ICE*
ls: cannot access /home/denverd/.ICE*: No such file or directory
-rw------- 1 denverd users 287 Jul 3 06:28 /home/denverd/.Xauthority
denverd@linux-os114:~> lsb_release -sircd
SUSE LINUX “openSUSE 11.4 (i586)” 11.4 Celadon
denverd@linux-os114:~>

ideas?
ah, maybe your Gnome/LXDE or other needs it, but my KDE does not?


dd
http://tinyurl.com/DD-Software

On 07/03/2013 10:23 PM, dd wrote:
> ah, maybe your Gnome/LXDE or other needs it, but my KDE does not?

or maybe you upgraded and kept your old /home (from the time when ICE
was needed) ??

i started with a fresh new /home, also…


dd